confirm client TLS cert and Cipher

Question

hello, &nbsp;
i have a VS with client SSL profile has 2 certificates and when client try to connect i can see on profile statistics that he has invalid certificate and when i captured the traffic i didn't see any TLS handshake only TCP!!!, from his side he sent to me a log file that confirm that he is using the right client certificates and one of F5 default TLS1.2 cipher suite with error of TLS handshake failure....&nbsp;
From F5 side how can i make sure of the certificates he is connected with and its cipher ?????? &nbsp;

ahmedgalal219_3 · Answer

nothing???&nbsp;

stanislas_piro2 · Answer

If in capture, you don’t see TLS handshake, you can’t do anything on f5 side!!!&nbsp;
In TLS, the first packet is CLIENTHELLO from client. If the client doesn’t send it, the F5 will reject the connection.&nbsp;

surgeon · Answer

What port are you using on your VIP? 443? if not then it might happen that wireshark can not decode it. Just decode the traffic as SSL and you should see ssl traffic.&nbsp;
Also check if the client hits the big-ip at all.&nbsp;

Forum Discussion

confirm client TLS cert and Cipher

3 Replies

Recent Discussions

Client certificate Authentication - open multiple tabs

google autenticator broken barcode

Chrome V 124+ on MacOS - Virtual Server Access Issue

vulnerabilities (CVE-2020-36363), CVE-2016-0736,CVE-2019-6593-FOR VERSION BIGIP LTM-16.1.4

Port Group on F5OS network setting

Related Content

Disabling Weak Ciphers

Cipher suite mismatch advertisement/warning

Display a warning on client browser when cipher suite mismatch

iRule based RADIUS Client Stack

CBC ciphers in relation to RFC7366 Encrypt-then-MAC